Search
Find a vulnerability
Search criteria
2 vulnerabilities found for babel by pocoo
CVE-2021-42771 (GCVE-0-2021-42771)
Vulnerability from nvd – Published: 2021-10-20 20:05 – Updated: 2024-08-04 03:38
VLAI
EPSS
VEX
Summary
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2021-14 | x_refsource_MISC |
| https://github.com/python-babel/babel/pull/782 | x_refsource_MISC |
| https://lists.debian.org/debian-lts/2021/10/msg00… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-5018 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/python-babel/babel/pull/782"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts/2021/10/msg00040.html"
},
{
"name": "[debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html"
},
{
"name": "DSA-5018",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-10T02:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-babel/babel/pull/782"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.debian.org/debian-lts/2021/10/msg00040.html"
},
{
"name": "[debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html"
},
{
"name": "DSA-5018",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-14",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-14"
},
{
"name": "https://github.com/python-babel/babel/pull/782",
"refsource": "MISC",
"url": "https://github.com/python-babel/babel/pull/782"
},
{
"name": "https://lists.debian.org/debian-lts/2021/10/msg00040.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts/2021/10/msg00040.html"
},
{
"name": "[debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html"
},
{
"name": "DSA-5018",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42771",
"datePublished": "2021-10-20T20:05:35.000Z",
"dateReserved": "2021-10-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42771 (GCVE-0-2021-42771)
Vulnerability from cvelistv5 – Published: 2021-10-20 20:05 – Updated: 2024-08-04 03:38
VLAI
EPSS
VEX
Summary
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2021-14 | x_refsource_MISC |
| https://github.com/python-babel/babel/pull/782 | x_refsource_MISC |
| https://lists.debian.org/debian-lts/2021/10/msg00… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-5018 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/python-babel/babel/pull/782"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts/2021/10/msg00040.html"
},
{
"name": "[debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html"
},
{
"name": "DSA-5018",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5018"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-10T02:06:18.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-babel/babel/pull/782"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.debian.org/debian-lts/2021/10/msg00040.html"
},
{
"name": "[debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html"
},
{
"name": "DSA-5018",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5018"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-42771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-14",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-14"
},
{
"name": "https://github.com/python-babel/babel/pull/782",
"refsource": "MISC",
"url": "https://github.com/python-babel/babel/pull/782"
},
{
"name": "https://lists.debian.org/debian-lts/2021/10/msg00040.html",
"refsource": "MISC",
"url": "https://lists.debian.org/debian-lts/2021/10/msg00040.html"
},
{
"name": "[debian-lts-announce] 20211021 [SECURITY] [DLA 2790-1] python-babel security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00018.html"
},
{
"name": "DSA-5018",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5018"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-42771",
"datePublished": "2021-10-20T20:05:35.000Z",
"dateReserved": "2021-10-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:38:50.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}